Hi, > Yes, detect script needs the credentials for detecting the version in > some cases.
yes thats true. Havn't found an easy way to determine the current TYPO3 version expect the version from the metatag not containing the patch level. > Its detect script issue. I am looking at this how to improve the > detect script. > > Thanks for the reporting. And thanks for looking into this. But i think all TYPO3 NVTs could get a rework: 1. The major version like 4.5, 6.1, 6.2 can be extracted from the: <meta name="generator" content="TYPO3 4.5 tags in the gb_typo3_detect.nasl -> No need to run checks of a 4.5 NVT against a 6.2 version. 2. The following NVTs: gb_typo3_49882.nasl secpod_typo3_back_path_lfi_vuln.nasl gb_typo3_multiple_dir_trav_vuln.nasl are using an own "foreach" loop to iterate over possible TYPO3 dirs which is already done by the gb_typo3_detect.nasl. 3. The following NVTs secpod_typo3_back_path_lfi_vuln.nasl gb_typo3_multiple_dir_trav_vuln.nasl are also doing an additional "confirm the application" request which is also already done by the gb_typo3_detect.nasl. _______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
